PT-2021-23861 · Mozilla+4 · Firefox+4

Jake Heath

Published

2021-12-07

Updated

2024-12-12

CVE-2021-43540

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 95

Description The issue allows WebExtensions with the correct permissions to create and install ServiceWorkers for third-party websites. These ServiceWorkers would not be uninstalled when the extension is removed.

Recommendations For versions prior to 95, update to version 95 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-3496

ALT-PU-2021-3576

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

CVE-2021-43540

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2024:11669-1

OPENSUSE-SU-2024:14572-1

USN-5186-1

USN-5186-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2021-23861 · Mozilla+4 · Firefox+4

CVE-2021-43540

Related Identifiers

Affected Products

References · 2185